CLAIMS 

What is claimed is: 

1. A method of auditing a communication session between a source connected to 
a first node of a service network and a destination connected to a second node of the service 
network, wherein at least one of the source and destination are outside of the service network 
and are in communication with an interface of the service network, the method comprising: 

(a) capturing flow activity of selected traffic outside of the service network 
between the source and the destination at selected states and points in time during the 
communication session, including a flow descriptor and corresponding time data for selected 
datagrams outside of the service network that are intended to be placed in the service network; 

(b) capturing flow activity of selected traffic in or at an interface of the 
service network between the source and the destination at selected states and points in time 
during the communication session, including a flow descriptor and corresponding time data for 
selected datagrams placed in the service network; and 

(c) using the flow descriptors and their corresponding time data to identify 
flow activity outside of the service network that corresponds to flow activity in or at an 
interface of the service network. 

2. The method of claim 1 wherein the flow activity captured in steps (a) and (b) 
further includes total packets for the selected datagrams, the method further comprising: 

(d) comparing the total packets of selected flow activity outside of the 
service network with the total packets in corresponding flow activity in or at a service interface 
of the service network to perform packet loss data analysis. 

3. The method of claim 2 wherein step (d) further comprises comparing the total 
packets of selected flow activity outside of the service network with the total packets in 
corresponding flow activity in or at a service interface of the service network to determine at 
least one of the conditions of: no loss, loss in the service network, loss outside of the service 
network, and loss inside and outside of the service network. 

4. The method of claim 2 wherein step (d) further comprises comparing the total 
packets of selected flow activity outside of the service network with the total packets in 
corresponding flow activity in or at a service interface of the service network to determine at 
least one of the conditions of: an alternate path into the service network and an alternate path 
around the service network. 

5. The method of claim 1 further comprising: 

(d) storing the flow activity outside of the service network in time-stamped 
flow activity records of one or more external network flow collectors, and storing the flow 
activity in or at the interface of the service network in time-stamped flow activity records of 
one or more internal network flow collectors, wherein step (c) is performed using the records in 
the external and internal network flow collectors. 

6. The method of claim 1 wherein steps (a) and (b) are performed by a flow meter. 

7. The method of claim 1 further comprising: 

(d) determining if selected flow activity captured outside of the service 
network corresponds to flow activity captured in or at an interface of the service network, and, 
if so, then the datagrams associated with the selected flow activity captured outside of the 
service network have successfully passed through the service network, and thus have received a 
desired service. 

8. The method of claim 1 further comprising: 

(d) determining if selected flow activity captured outside of the service 
network does not correspond to any flow activity captured in or at an interface of the service 
network, and, if so, then the datagrams associated with the selected flow activity outside of the 
service network may not have passed through the service network, and thus may not have 
received a desired service. 

9. The method of claim 1 wherein ingress and egress flow activity is captured at a 
service interface in the service network, the method further comprising: 

(d) determining if selected flow activity captured outside of the service 
network corresponds to one, but not both of, ingress and egress flow activity captured at the 
ingress and egress service interface in the service network, and, if so, then the datagrams 
associated with the selected flow activity captured outside of the service network may not have 
passed bidirectionally through the service network, and thus may not have received a desired 
service. 

10. The method of claim 1 wherein ingress and egress flow activity is captured at a 
service interface in the service network, the method further comprising: 

(d) determining if selected flow activity captured outside of the service 
network corresponds to only some, but not all, of ingress and egress flow activity captured at 
the ingress and egress service interface in the service network, and, if so, then only some of the 
datagrams associated with the selected flow activity captured outside of the service network 
have successfully passed through the service network, and thus may not have received a desired 
service. 

11. The method of claim 1 wherein the flow activity captured in steps (a) and (b) 
further includes a mathematical representation of the sequence number loss distribution for the 
selected datagrams, the method further comprising: 

(d) comparing the sequence number loss distribution of flow activity 
captured outside of the service network with the sequence number loss distribution in 
corresponding flow activity in or at an interface of the service network to detect whether there 
is a deterministic pattern of missing sequence numbers in the flow activity captured in or at an 
interface of the service network that indicates that the service network is performing load 
balancing, and is thus not passing selected traffic through the service network. 

12. The method of claim 1 further comprising: 

(d) determining if selected source egress and destination ingress flow 
activity captured outside of the service network corresponds to flow activity captured in or at an 
interface of the service network, and, if so, then the destination is determined to be reachable 
from the source via the service network. 

13. The method of claim 1 further comprising: 

(d) determining if selected ingress and egress flow activity captured outside 
of the service network corresponds to both ingress and egress flow activity captured in or at an 
interface of the service network, and, if so, then connectivity is determined to exist between the 
source and the destination. 

14. The method of claim 1 further comprising: 

(d) calculating time duration data of the identified flow activity outside of 
the service network that corresponds to flow activity in or at an interface of the service 
network; and 

(e) using the time duration data to determine one or more round-trip delay parameters. 

15. The method of claim 1 further comprising: 

(d) calculating time duration data of the identified flow activity outside of 
the service network that corresponds to flow activity in or at an interface of the service 
network; and 

(e) using the time duration data to determine one or more one-way delay parameters. 
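
The correlation in step (c) of claim 1 and the comparisons of claims 2, 3, 8 and 9 can be sketched as follows. This is an added illustration, not part of the claims or of any implementation described by the patent; the record fields, the 2-second clock-skew tolerance, the placement of the external flow meter upstream of the service interface, and the sample records are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FlowRecord:
    descriptor: tuple  # (src_ip, dst_ip, protocol, src_port, dst_port)
    start: float       # time of first datagram, seconds
    end: float         # time of last datagram, seconds
    packets: int       # total packets counted for the flow

def correlate(ext, candidates, skew=2.0):
    """Step (c): same descriptor and overlapping time span (assumed skew)."""
    for rec in candidates:
        if (rec.descriptor == ext.descriptor
                and rec.start <= ext.end + skew
                and rec.end >= ext.start - skew):
            return rec
    return None

def audit(ext, ingress, egress, skew=2.0):
    """Classify one external flow against service-interface records."""
    ing, egr = correlate(ext, ingress, skew), correlate(ext, egress, skew)
    if ing is None and egr is None:
        return "not seen in service network"      # claim 8
    if ing is None or egr is None:
        return "seen at ingress or egress only"   # claim 9
    # Assumption: the external meter sits upstream of the service interface.
    outside = ext.packets > ing.packets
    inside = ing.packets > egr.packets
    if outside and inside:
        return "loss inside and outside"          # claim 3 conditions
    if outside:
        return "loss outside"
    return "loss in service network" if inside else "no loss"

# Constructed sample records (documentation address ranges).
D1 = ("192.0.2.10", "198.51.100.5", 6, 40000, 443)
D2 = ("192.0.2.11", "198.51.100.5", 6, 40001, 443)
D3 = ("192.0.2.12", "198.51.100.5", 17, 5000, 53)
D4 = ("192.0.2.13", "198.51.100.5", 6, 40002, 443)
EXTERNAL = [FlowRecord(D1, 100.0, 160.0, 1000), FlowRecord(D2, 100.0, 130.0, 500),
            FlowRecord(D3, 200.0, 210.0, 50), FlowRecord(D4, 300.0, 330.0, 400)]
INGRESS = [FlowRecord(D1, 100.4, 160.3, 1000), FlowRecord(D2, 100.5, 130.2, 490),
           FlowRecord(D4, 300.2, 330.1, 400), FlowRecord(D1, 900.0, 950.0, 10)]
EGRESS = [FlowRecord(D1, 100.5, 160.4, 1000), FlowRecord(D2, 100.6, 130.3, 470)]

def run_audit():
    """Audit every constructed external flow, keyed by source address."""
    return {r.descriptor[0]: audit(r, INGRESS, EGRESS) for r in EXTERNAL}
```

Matching on the descriptor alone would pair a flow with any later reuse of the same 5-tuple, which is why the time data is part of the correlation key.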